Part 1: Introduction to O365's Advanced Threat Protection features


Are you using Sage 50 Cloud with the Office 365 integration? Do you manage threat protection for your organization? If so, then perhaps you're assuming that you're fully protected from spam and malware. MS Office 365 does have Advanced Threat Protection built in to help keep your data safe; however, Advanced Threat Protection won't protect you from most attacks unless you turn on the ATP policies.

In this series, inspired by Andrew Bettany's Lynda.com course "Staying safe with Advanced Threat Protection (ATP)", we'll cover top tips for keeping your business and users safe.

ATP is an awesome product that you can use to protect your organization from attack. Implementing it will raise threat awareness and keep your users safe.

Are you a confident Office 365 user with a good understanding of how email-borne threats such as malware, phishing and spoofing can cause disruption to your users?

What to know about emailed threats:

When you have an Office 365 subscription, you can host email in the cloud. All spam and malware protection is provided by Microsoft Exchange Online services, and all mail that is stored in Office 365 mailboxes is automatically protected.

Still, just because you put all of your data into the cloud and use Office 365, you're not magically immune from malware attacks and threats. However, you are well protected from malware and viruses because of some clever technology within the suite of tools and services contained in Office 365 Advanced Threat Protection. 

Why is ATP in O365 useful?

Let's review how ATP protects data stored in Office 365 and how to use ATP to safeguard your data from harm. Organizations that generate and store data run the risk that the data could be stolen, sold, maliciously modified, deleted, or even held for ransom. The internet was not created with security in mind!

It is vital, therefore, that your organization protects its data. Threats can come from both inside and outside the organization. They can be malicious or the consequence of an unintended action. These threats can include internal attacks by employees, where an employee has a grudge or a belief that leaking data is the moral thing to do, or is simply selling the data for money. They also include careless actions by employees, such as leaking data by accident in emails, posting data via social media, or discussing your security measures in a public place.

Mobile devices can contain complete data. They can be easily lost or stolen, and the data may be at risk if the device is not protected by a password or encryption.

Risks also come from outdated security technology, which may have been effective in the past but is no longer keeping up with modern threats. This could be an old router or switch, or unsupported versions of software. Hacking and malware attacks, carried out for commercial or activist reasons, are attempts by individuals to illegally access and steal data by breaking into systems.

Finally, the latest IT threats are all related to cloud services. Storing and delivering data via the cloud can expose risks, such as how to securely manage access, the reliance on third-party hosting, and the risk of data being lost or corrupted in the cloud. Data loss can have a massive impact on an organization. For example, it could cause monetary loss due to production or service downtime, the IT infrastructure costs of repairing any damage caused, and staff working overtime or specialized staff being hired to restore the data and investigate the data breach.

Tip*: Consider getting Cyber Insurance Coverage 

There could also be a disruption to the operations of the business, such as sales, if data is missing or unavailable. You could incur fines and legal action, which can be enforced by regulatory bodies as a result of any data breach. Relevant laws include the General Data Protection Regulation, or GDPR, in the EU, and the HITECH Act in the U.S., which protects health data. A breach can also cause a loss of reputation and goodwill, which may affect future business opportunities, especially if the company is seen as being unreliable, unprofessional, or incompetent.

Basics available for Safeguarding your data on O365 

With Office 365, there is very little difference between a hosted cloud service and your own on-premises infrastructure. Of course, Microsoft offers an economy of scale, which makes its costs lower for customers, but its services are still at risk of data loss from malicious threats. Some of the common threats made against Office 365 data include spoofing, spam, and phishing. Spoofing is the act of sending out communications made to look as though they originate from a different user or source.

Protections in O365 against Spoofing: 

Office 365 guards against spoofing by adding a Sender Policy Framework, or SPF, text record to your domain, which is then made available via DNS. This protection is only available if you use a custom domain name, and not the default onmicrosoft.com domain. The SPF record identifies which servers are authorized to send mail for your domain, on your behalf. When a recipient email system receives mail, it checks the SPF record to ensure that the email is coming from an authorized email server.

Protections in O365 against phishing

For phishing, all inbound email messages are scrutinized and measured against machine-learned models, using advanced algorithms, so that phishing messages can be detected. The anti-phishing protection attempts to detect and alert users whenever coercive emails, or fake websites impersonating trusted websites, are found. The anti-phishing protection is part of Office 365 Advanced Threat Protection, which we'll cover in more detail later, in Part 2 of this series.

Thanks for reading!

For more resources visit: Sage Product Support Resources for help with products in North America